[ https://issues.apache.org/jira/browse/STORM-446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14343491#comment-14343491 ]
ASF GitHub Bot commented on STORM-446: -------------------------------------- Github user Parth-Brahmbhatt commented on the pull request: https://github.com/apache/storm/pull/448#issuecomment-76764354 We should fail close, however currently if the acl authorizer is no set we fail open. Not sure why did we make that choice but I did not want alternating behavior. My personal preference is to fail close on any potential security configuration mistake. > secure Impersonation in storm > ----------------------------- > > Key: STORM-446 > URL: https://issues.apache.org/jira/browse/STORM-446 > Project: Apache Storm > Issue Type: Improvement > Reporter: Sriharsha Chintalapani > Assignee: Parth Brahmbhatt > Labels: Security > > Storm security adds features of authenticating with kerberos and than uses > that principal and TGT as way to authorize user operations, topology > operation. Currently Storm UI user needs to be part of nimbus.admins to get > details on user submitted topologies. Ideally storm ui needs to take > authenticated user principal to submit requests to nimbus which will than > authorize the user rather than storm UI user. This feature will also benefit > superusers to impersonate other users to submit topologies in a secured way. -- This message was sent by Atlassian JIRA (v6.3.4#6332)